Changelog
RepliMap release history and updates
All notable changes to RepliMap are documented here. This project adheres to Semantic Versioning.
[Unreleased]
Added
Unified SQLite Graph Backend
- Single SQLite backend replaces hybrid NetworkX/SQLite design
- WAL mode for concurrent read/write operations
- FTS5 full-text search for resource discovery
- 10-100x faster dependency traversal using SQL CTEs
SARIF Support for GitHub Security
- GitHub Advanced Security compatible output
- 16 predefined rules (AUDIT001-008, DRIFT001-004, ANALYSIS001-004)
- Stable fingerprints prevent duplicate alerts
- Rich markdown messages with severity badges
Offline Drift Detection
- Detect drift using cached scans without AWS connection
- Works in air-gapped environments
- .replimapignore file support for benign drift filtering
- Compare scans over time
IAM Least Privilege Generator
- Graph-aware policy generation
- Boundary-aware traversal (TERMINAL, DATA, SECURITY, TRANSITIVE)
- Automatic implicit dependency discovery
- Policy optimization with sharding for 6KB limit
Fixed
- Cross-account variable fallback pattern for missing dependencies
- AWS system tag filtering (aws:* prefix)
- UserData Base64 sanitization
- Main route table handling using aws_default_route_table
- Secondary VPC CIDR support
- Terraform 1.5+ import block generation
[0.1.0] - January 2025
Added
Core Features
- Graph-based AWS resource scanning engine using NetworkX
- Support for 24 resource types (VPC, EC2, RDS, Lambda, S3, etc.)
- Dependency tracking between resources
- Topological sorting for correct Terraform ordering
IaC Generation
- Terraform HCL renderer (Free+)
- CloudFormation YAML renderer (Solo+)
- Pulumi Python renderer (Pro+)
Transformers
- Sanitization: Removes secrets, passwords, sensitive data
- Downsize: Reduces EC2/RDS instance sizes
- Renaming: Converts prod → staging naming
- Network Remapper: Updates resource references
Commercial Features
- License management with plan tiers
- Feature gating with decorators
- Usage tracking with monthly quotas
- Local license caching with offline grace period
CLI Commands
- scan - Scan AWS resources
- clone - Generate Infrastructure-as-Code
- graph - Visualize dependencies
- audit - Security and compliance checks
- drift - Detect configuration drift
- deps - Explore dependencies
- cost - Estimate monthly costs
- iam - Generate IAM policies
- license - Manage license
Performance
- Parallel scanning with ThreadPoolExecutor
- AWS rate limit handling with exponential backoff
- MFA credential caching (12-hour TTL)
Plan Comparison
| Feature | Free | Solo | Pro | Team | Enterprise |
|---|---|---|---|---|---|
| Resources/Scan | ∞ | ∞ | ∞ | ∞ | ∞ |
| Scans/Month | 3 | ∞ | ∞ | ∞ | ∞ |
| AWS Accounts | 1 | 1 | 3 | 10 | ∞ |
| Terraform Output | ✅ | ✅ | ✅ | ✅ | ✅ |
| CloudFormation | ❌ | ✅ | ✅ | ✅ | ✅ |
| Pulumi | ❌ | ❌ | ✅ | ✅ | ✅ |
| Full Audit Details | ❌ | ✅ | ✅ | ✅ | ✅ |
| Drift Detection | ❌ | ❌ | ✅ | ✅ | ✅ |
| Trust Center | ❌ | ❌ | ❌ | ✅ | ✅ |
| SSO | ❌ | ❌ | ❌ | ❌ | ✅ |
See Pricing for current plan details and pricing.